CLAIMS:

What is claimed is:



1. A method of enabling use of a secure password,
comprising:

during power up initialization before an operating
system is started, copying security data from a memory
device to a restricted portion of system memory which is
invisible to the operating system; and

before starting the operating system, hard locking the
memory device against direct access so that a reset signal
is required to unlock the memory device.

2. The method of claim 1, further comprising:

responsive to receiving an entered password under the
operating system, calling a routine executing within the
restricted portion of system memory to verify the password;
and

receiving an indication from the routine regarding
whether the entered password matched a password within the
security data copied to the restricted portion of system
memory from the memory device.

3. The method of claim 1, wherein the step of copying
security data from a memory device to a restricted portion
of system memory which is invisible to the operating system
further comprises:

checking a return address for a call requesting that
the security data be copied to verify that the call
originated with a trusted routine.

4. The method of claim 3, wherein the step of checking a
return address for a call requesting that the security data
be copied to verify that the call originated with a trusted
routine further comprises:

placing a label within a basic input/output services
routine implementing a process for copying the security data
immediately after instructions for the call requesting that
the security data be copied;

placing an address for the label within code executing
within the restricted portion of system memory and checking
the return address for the call requesting that the security
data be copied;

comparing the return address and the address for the
label;

responsive to determining that the return address does
not match the address for the label, returning a null
response to the call requesting that the security data be
copied; and

responsive to determining that the return address
matches the address for the label, copying the security data
to the restricted portion of system memory and resetting a
retry counter.

5. The method of claim 1, wherein the step of copying
security data from a memory device to a restricted portion
of system memory which is invisible to the operating system
further comprises:

copying the password and other sensitive data which
requires protection from access under the operating system.

6. The method of claim 1, wherein the step of copying
security data from a memory device to a restricted portion
of system memory which is invisible to the operating system
further comprises:

loading the security data to regular system memory
prior to initiating the call requesting that the security
data be copied; and

upon receiving any response to the call requesting that
the security data be copied, erasing the security data from
regular system memory before starting the operating system.

7. A method of enabling use of a secure password,
comprising:

responsive to receiving an entered password under an 
operating system, calling a routine executing within a 
restricted portion of system memory to verify the password, 
wherein the restricted portion of system memory is invisible 
to the operating system and wherein the operating system and 
routines executing within the restricted portion of system 
memory communicate through a calling convention; and 

receiving only an indication from the routine executing 
within the restricted portion of memory regarding whether 
the entered password matched a password stored within the 
restricted portion of system memory. 

8. The method of claim 7, further comprising: 

during power up initialization before the operating 
system is started, copying a password from a memory device 
to the restricted portion of system memory; and 

before starting the operating system, hard locking the 
memory device against direct access so that a reset signal 
is required to unlock the memory device. 

9. The method of claim 7, further comprising:

determining whether a password is required for an
operation by checking with the routine executing within a
restricted portion of system memory to verify existence of a
password.

10. The method of claim 7, further comprising:

limiting a number of retries for a user to reenter a
password.

11. The method of claim 7, further comprising:

transmitting the entered password entered by a user to
the routine executing within a restricted portion of system
memory using the calling convention; and

responsive to receiving an indication from the routine
executing within the restricted portion of memory that the
entered password matched the password stored within the
restricted portion of system memory, continuing an operation
requiring the entered password for execution.

12. A data processing system, comprising:

a memory device which may be hard locked against direct
access so that a reset signal is required to unlock the
memory device; and

a power up initialization routine executing within the
data processing system,

wherein the power up initialization routine, before
starting an operating system, copies security data from the
memory device to a restricted portion of system memory which
is invisible to the operating system and hard locks the
memory device.

13. The data processing system of claim 12, wherein the
power up initialization routine, responsive to receiving an
entered password under the operating system, calls a routine
executing within the restricted portion of system memory to
verify the password and receives an indication from the
routine regarding whether the entered password matched a
password within the security data copied to the restricted
portion of system memory from the memory device.

14. The data processing system of claim 13, wherein the
routine executing within the restricted portion of system
memory checks a return address for a call requesting that
the security data be copied to verify that the call
originated with a trusted routine.

15. The data processing system of claim 13, wherein the
power up initialization routine, to facilitate checking a
return address for a call requesting that the security data
be copied to verify that the call originated with a trusted
routine, places a label within a basic input/output services
routine implementing a process for copying the security data
immediately after instructions for the call requesting that
the security data be copied,

wherein the routine executing within the restricted
portion of system memory contains an address for the label,
checks the return address for the call requesting that the
security data be copied, and compares the return address and
the address for the label and,

responsive to determining that the return address
does not match the address for the label, returning a
null response to the call requesting that the security
data be copied, and

responsive to determining that the return address
matches the address for the label, copying the security
data to the restricted portion of system memory and
resetting a retry counter.


16. The data processing system of claim 12, wherein the
power up initialization routine copies the password and
other sensitive data which requires protection from access
under the operating system.


17. The data processing system of claim 12, wherein the
power up initialization routine loads the security data to
regular system memory prior to initiating the call
requesting that the security data be copied and, upon
receiving any response to the call requesting that the
security data be copied, erases the security data from
regular system memory before starting the operating system.

18. A data processing system, comprising:

an operating system;

a memory device which may be hard locked against direct
access so that a reset signal is required to unlock the
memory device;

a system memory including a restricted portion
invisible to the operating system, wherein the operating
system and routines executing within the restricted portion
of system memory communicate through a calling convention;
and

a power up initialization routine executing within the
data processing system, wherein the power up initialization
routine, responsive to receiving an entered password under
an operating system, calls a routine executing within a
restricted portion of system memory to verify the password,
and receives only an indication from the routine executing
within the restricted portion of memory regarding whether
the entered password matched a password stored within the
restricted portion of system memory.

19. The data processing system of claim 18, wherein the
power up initialization routine, during power up
initialization before the operating system is started,
copies a password from the memory device to the restricted
portion of system memory and, before starting the operating
system, hard locks the memory device against direct access
so that a reset signal is required to unlock the memory
device.

20. The data processing system of claim 18, wherein the
power up initialization routine determines whether a
password is required for an operation by checking with the
routine executing within a restricted portion of system
memory to verify existence of a password.

21. The data processing system of claim 18, wherein the
routine executing within a restricted portion of system
memory to verify the password limits a number of retries for
a user to reenter a password.

22. The data processing system of claim 18, wherein the
power up initialization routine transmits the entered
password entered by a user to the routine executing within a
restricted portion of system memory using the calling
convention and, responsive to receiving an indication from
the routine executing within the restricted portion of
memory that the entered password matched the password stored
within the restricted portion of system memory, continues an
operation requiring the entered password for execution.

23. A computer program product within a computer usable
medium for enabling use of a secure password, comprising:

instructions for copying security data from a memory 
device to a restricted portion of system memory which is 
invisible to the operating system during power up 
initialization before an operating system is started; and 

instructions for hard locking the memory device against 
direct access so that a reset signal is required to unlock 
the memory device before starting the operating system. 

24. The computer program product of claim 23, further
comprising:

instructions, responsive to receiving an entered 
password under the operating system, for calling a routine 
executing within the restricted portion of system memory to 
verify the password; and 

instructions for receiving an indication from the 
routine regarding whether the entered password matched a 
password within the security data copied to the restricted 
portion of system memory from the memory device. 

25. The computer program product of claim 23, wherein the 
instructions for copying security data from a memory device 
to a restricted portion of system memory which is invisible 
to the operating system further comprise: 

instructions for checking a return address for a call 
requesting that the security data be copied to verify that 
the call originated with a trusted routine.

26. The computer program product of claim 25, wherein the
instructions for checking a return address for a call
requesting that the security data be copied to verify that
the call originated with a trusted routine further comprise:

instructions for placing a label within a basic
input/output services routine implementing a process for
copying the security data immediately after instructions for
the call requesting that the security data be copied;

an address for the label within code executing within
the restricted portion of system memory and checking the
return address for the call requesting that the security
data be copied;

instructions for comparing the return address and the
address for the label;

instructions, responsive to determining that the return
address does not match the address for the label, for
returning a null response to the call requesting that the
security data be copied; and

instructions, responsive to determining that the return
address matches the address for the label, for copying the
security data to the restricted portion of system memory and
resetting a retry counter.

27. The computer program product of claim 23, wherein the
instructions for copying security data from a memory device
to a restricted portion of system memory which is invisible
to the operating system further comprise:

instructions for copying the password and other
sensitive data which requires protection from access under
the operating system.

28. The computer program product of claim 23, wherein the
instructions for copying security data from a memory device
to a restricted portion of system memory which is invisible
to the operating system further comprise:

instructions for loading the security data to regular
system memory prior to initiating the call requesting that
the security data be copied; and

instructions for erasing the security data from regular
system memory before starting the operating system upon
receiving any response to the call requesting that the
security data be copied.

29. A computer program product within a computer usable
medium for enabling use of a secure password, comprising:

instructions, responsive to receiving an entered 
password under an operating system, for calling a routine 
executing within a restricted portion of system memory to 
verify the password, wherein the restricted portion of 
system memory is invisible to the operating system and 
wherein the operating system and routines executing within 
the restricted portion of system memory communicate through 
a calling convention; and 

instructions for receiving only an indication from the 
routine executing within the restricted portion of memory 
regarding whether the entered password matched a password 
stored within the restricted portion of system memory. 

30. The computer program product of claim 29, further
comprising:

instructions for copying a password from a memory 
device to the restricted portion of system memory during 
power up initialization before the operating system is 
started; and 

instructions for hard locking the memory device against 
direct access so that a reset signal is required to unlock 
the memory device before starting the operating system. 

31. The computer program product of claim 29, further
comprising:

instructions for determining whether a password is
required for an operation by checking with the routine
executing within a restricted portion of system memory to
verify existence of a password.

32. The computer program product of claim 29, further
comprising:

instructions for limiting a number of retries for a
user to reenter a password.

33. The computer program product of claim 29, further
comprising:

instructions for transmitting the entered password
entered by a user to the routine executing within a
restricted portion of system memory using the calling
convention; and

instructions, responsive to receiving an indication
from the routine executing within the restricted portion of
memory that the entered password matched the password stored
within the restricted portion of system memory, for
continuing an operation requiring the entered password for
execution.
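
Added illustration, not part of the patent text: a user-space C model of the flow recited in claims 1, 3-4, 6, 7 and 10 (copy at power up gated by a return-address check, staging buffer erased, device hard locked, verification that returns only match or no match, retry limit). All function names, the label address, the sample password and the three-try limit are assumptions, as is the choice not to clear the retry counter on a successful match; the restricted memory is modelled by file-static state.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_LEN 32
#define MAX_RETRIES 3
/* Constructed value: address of the label placed right after the BIOS call. */
#define TRUSTED_LABEL ((uintptr_t)0xF1234u)

/* Memory device with a lock bit that only a reset clears (sample password). */
static struct { char data[PW_LEN]; int locked; } nv = { "s3cret-pap", 0 };
/* Restricted memory: file-static, reachable only through the calls below. */
static struct { char pw[PW_LEN]; int present; int retries; } vault;

int nv_read(char *out) {                 /* direct device access */
    if (nv.locked) return -1;
    memcpy(out, nv.data, PW_LEN);
    return 0;
}
void system_reset(void) { nv.locked = 0; memset(&vault, 0, sizeof vault); }

/* Copy request (claims 3-4): null response unless called from the label. */
int restricted_copy(uintptr_t return_addr, const char *buf) {
    if (return_addr != TRUSTED_LABEL) return 0;
    memset(vault.pw, 0, PW_LEN);
    strncpy(vault.pw, buf, PW_LEN - 1);
    vault.present = 1;
    vault.retries = 0;                   /* retry counter reset on copy */
    return 1;
}

/* Verify (claims 7, 10): the caller learns only match / no match. */
int restricted_verify(const char *entered) {
    char pad[PW_LEN] = {0};
    unsigned char diff = 0;
    if (!vault.present || vault.retries >= MAX_RETRIES) return 0;
    strncpy(pad, entered, PW_LEN - 1);
    for (size_t i = 0; i < PW_LEN; i++)  /* no early exit on mismatch */
        diff |= (unsigned char)(pad[i] ^ vault.pw[i]);
    if (diff) vault.retries++;
    return diff == 0;
}

/* Power-up sequence (claims 1, 6): copy, erase staging buffer, hard lock. */
int power_up(void) {
    char staging[PW_LEN];
    system_reset();
    nv_read(staging);                    /* regular system memory */
    int ok = restricted_copy(TRUSTED_LABEL, staging);
    memset(staging, 0, sizeof staging);  /* firmware needs a wipe the compiler cannot elide */
    nv.locked = 1;                       /* hard lock before the OS starts */
    return ok;
}

int main(void) {
    char out[PW_LEN];
    return !(power_up() && nv_read(out) == -1 && restricted_verify("s3cret-pap"));
}
```

In this model the lockout after three failed tries persists until the next power_up(), which is the only path that resets the counter.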


